Payment Authentication

E-commerce has been going through a boom, and the security challenges that come with online transactions have grown along with it. In this article, we'll take a closer look at different payment authentication methods.


What is Payment Authentication?

Payment authentication is the process of confirming a customer's identity through at least one of the following authentication factors: knowledge, inherence, ownership, and user location.

Knowledge is the most common category used for transaction authentication.

The knowledge factor is information that only the cardholder possesses: a personal password, a PIN, or a secret word such as your mother's maiden name or your favorite vacation spot. A knowledge-based authentication factor is also known as the Challenge-Handshake Authentication Protocol (CHAP).

Here's how the Challenge-Handshake Authentication Protocol works:

Just like the knowledge factor, the ownership authentication factor uses a piece of information that only the user possesses. However, unlike the previous factor, which can easily be passed on to a friend or a relative, the ownership factor cannot be shared. The typical examples of ownership authentication are a key, a signature, a token, or a certificate.

The inherence factor is the most sophisticated of the four. Inherence authentication includes biodata confirmation, such as voice recognition, face recognition, or iris recognition.

User location can also be considered an authentication factor. Most devices that connect to the internet have some type of GPS. This enables reliable location confirmation. If a user's location does not match a record in his bank file, the transaction may be declined.


What Are the Top Payment Authentication Tools?

The e-commerce market evolves by leaps and bounds, and so do payment authentication tools. Here are some of the trendiest:

3D Secure 2 (3DS2)

3DS2 stands for the three domains of online payment. This authentication protocol was originally designed by major credit card networks to combat fraud and chargebacks.

The backbone of the 3DS2 protocol is composed of the issuing bank (or other financial institution issuing a card), the Acquirer (the merchant’s bank), and the payment processor.

To process a 3DS2 transaction, your customer will have to go through an extra step that allows the issuer to verify the client's identity.


    How to prepare for 3DS2? To make sure that your business is 3DS2-ready, all four components of 3DS2 should pass compliance. Read this article and find out more about 3D Secure.

Address Verification Systems (AVS)

Address Verification Systems (AVS) is a fraud-prevention tool invented by credit card processors and issuing banks. Currently, this helpful credit card processing tool is only available in Canada, the US, and the UK.

The AVS compares the billing address submitted by the payer with the cardholder's billing address provided by the issuing bank.

Most of the time, the request for Address Verification is submitted alongside the payment information. After the payer presents his/her billing address information, the issuing bank responds with a code corresponding to how accurate the address entered is. As a result, the merchant gets either a partial, a full, or no AVS match.

Depending on the AVS code returned, a seller can cancel, investigate, or approve the order.
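The AVS flow described above, as an added example that is not part of the original article: `avs_match` models the issuer-side comparison and `order_action` models a merchant policy. Comparing only the street number and the normalized postal code, the 200.0 review threshold, the "unavailable" result, and all sample records are assumptions made for this illustration.

```python
import re


def _street_number(line: str) -> str:
    """First run of digits in the street line, e.g. '742' (assumed rule)."""
    m = re.search(r"\d+", line)
    return m.group(0) if m else ""


def _postal(code: str) -> str:
    """Postal code with spaces and punctuation removed, upper-cased."""
    return re.sub(r"[^0-9A-Za-z]", "", code).upper()


def avs_match(submitted: dict, on_file) -> str:
    """Issuer side: compare payer-submitted billing data with the card record."""
    if on_file is None:              # issuer has no record or does not do AVS
        return "unavailable"
    num_sub = _street_number(submitted["street"])
    num_rec = _street_number(on_file["street"])
    street_ok = num_sub != "" and num_sub == num_rec
    post_sub = _postal(submitted["postal"])
    post_rec = _postal(on_file["postal"])
    postal_ok = post_sub != "" and post_sub == post_rec
    if street_ok and postal_ok:
        return "full"
    return "partial" if (street_ok or postal_ok) else "none"


def order_action(match: str, amount: float, review_over: float = 200.0) -> str:
    """Merchant side: turn the AVS result into approve / investigate / cancel."""
    if match == "full":
        return "approve"
    if match == "none":
        return "cancel"
    if match == "partial" and amount <= review_over:
        return "approve"             # low-value order with one field matching
    return "investigate"             # high-value partial, or AVS unavailable


# Constructed sample data, not real cardholder records.
CARD_RECORD = {"street": "742 Evergreen Terrace", "postal": "SW1A 1AA"}

if __name__ == "__main__":
    order = {"street": "12 Other Road", "postal": "sw1a1aa"}
    result = avs_match(order, CARD_RECORD)
    print(result, order_action(result, amount=500.0))
```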

Even though AVS can't guarantee 100% fraud prevention, it can significantly reduce the number of fraudulent transactions and help avoid costly chargebacks.


    Not all payment gateways are created equal. Even if your current system does not support AVS, you can still get AVS from the payer's issuing bank for MasterCard and VISA.


As a general rule of thumb, international transactions are considered to be at a higher risk of fraud. Therefore, geolocation is quite a useful tool to help with strong authentication in card-not-present transactions.

Geolocation uses Wi-Fi signals that devices can pick up to determine the geographic location of the payer.

Geolocation doesn't verify the actual identity of a user. When a payer's card is registered in one country, but used in a different one, the transaction has a high chance of being declined. To resolve a declined payment, the cardholder will have to get in touch directly with their issuing bank.


    There are plenty of tools (including some free ones) that can help you pair the available geographical location of the cardholder with an actual IP address.

The technology is not always 100% accurate. However, it can raise a red flag and provide a lot of valuable data when it comes to the fraud scoring process.


Behavioral Analytics

As scammers are getting smarter, so are credit card processors and banks.

Behavioral analytics is another powerful data-driven, fraud-prevention tool.

It is a new method of analyzing consumer spending behaviors, based on the data available from payment processors and credit card networks.

The data can be used both to get some insights on the purchasing behavior of a big group of consumers and to build individual profiles for each customer.

So when suspicious or atypical behavior occurs, the system singles it out as a potentially fraudulent transaction.


    Browsing behavior, spending habits, product preferences, even mouse dynamics are examples of behavioral data used in this type of analysis. Not only can behavioral analytics be used to detect compromised transactions, but you can also use them to predict future trends and improve conversion rates.


The Future of Digital Payment Authentication

Biometric identification is, without a doubt, the future of CNP payments. The second revision of the Payment Services Directive in the EU (also known as PSD2) places a big emphasis on biometric authentication.

Biometric identification uses unique biological identifiers like voice, fingerprint, iris scanning, and face recognition to authenticate the payer.

Not only will biometric authentication make payments more secure, but it will also improve the user's overall buying experience. And with an enhanced customer experience come improved conversion rates.

Payment specialists give biometric authentication another few years until it becomes mainstream. You can, however, start updating your business's legacy systems to keep up with the ever-changing payment security landscape.